buildsystem/manifests/init.pp

class buildsystem {

    class base {
        $build_login = "iurt"
        $build_home_dir = "/home/$build_login"
        $sched_login = "schedbot"
        $sched_home_dir = "/var/lib/$sched_login"
        $sign_login = "signbot"
        $sign_home_dir = "/var/lib/$sign_login"
        $sign_keydir = "$sign_home_dir/keys"
        # FIXME: maybe keyid should be defined at an other place
        $sign_keyid = "80420F66"
        $repository_root = "/distrib/bootstrap"
        $packagers_group = 'mga-packagers'
        $createsrpm_path = '/usr/share/repsys/create-srpm'

        include ssh::auth
        ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
                home => $build_home_dir,
        }
        ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
                home => $sched_home_dir,
        }
    }

    class mainnode inherits base {
        include iurtuser

        sshuser { $sched_login:
          homedir => $sched_home_dir,
          comment => "System user used to schedule builds",
        }

        ssh::auth::client { $sched_login: }
        ssh::auth::server { $sched_login: }
        ssh::auth::server { $build_login: }

        # FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
        $package_list = ['iurt']
        package { $package_list:
            ensure => "installed"
        }

        apache::vhost_other_app { "repository.$domain":
            vhost_file => "buildsystem/vhost_repository.conf",
        }

        apache::vhost_other_app { "pkgsubmit.$domain":
            vhost_file => "buildsystem/vhost_pkgsubmit.conf",
        }

        include scheduler
        include gatherer
        include mgarepo
        include youri_submit
        include check_missing_deps 
        include signbot
    }

    class buildnode inherits base {
        include iurt
    }

    class signbot {
        sshuser { $sign_login:
          homedir => $sign_home_dir,
          comment => "System user used to sign packages",
          groups => [$sched_login],
        }

        gnupg::keys{"packages":
          email => "packages@$domain",
          #FIXME there should be a variable somewhere to change the name of the distribution
          key_name => 'Mageia Packages',
          login => $sign_login,
          batchdir => "$sign_home_dir/batches",
          keydir => $sign_keydir,
        }

        sudo::sudoers_config { "signpackage":
            content => template("buildsystem/sudoers.signpackage")
        }

        file { "$sign_home_dir/.rpmmacros":
            ensure => present,
            owner => root,
            group => root,
            mode => 644,
            content => template("buildsystem/signbot-rpmmacros")
        }
    }

    class scheduler {
        # ulri        
        include iurtupload
    }

    class gatherer {
        # emi
        include iurtupload
    }

    class iurtupload {
        file { "/etc/iurt/upload.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt"],
            content => template("buildsystem/upload.conf")
        }
    }
    
    class mgarepo {
        package { 'mgarepo':

        }

        package { 'rpm-build':
        }

        file { "repsys.conf":
          path => "/etc/repsys.conf",
          owner  => root,
          group => root,
          mode => 644,
          content => template("buildsystem/repsys.conf")
        }

        file { "$sched_home_dir/repsys":
            ensure => "directory",
            owner  => $sched_login,
            require => File[$sched_home_dir],
        }

        file { "$sched_home_dir/repsys/tmp":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        file { "$sched_home_dir/repsys/srpms":
            ensure => "directory",
            owner  => $sched_login,
            group => "mga-packagers",
            mode => 1775,
            require => File["$sched_home_dir/repsys"],
        }

        # FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
        #file { "$sched_home_dir/uploads":
        #    ensure => "directory",
        #    owner  => $sched_login,
        #    require => File[$sched_home_dir],
        #}

        # too tedious to create everything by hand
        # so I prefered to used some puppet ruby module
        # the exact content and directory name should IMHO be consolidated somewhere
        import "create_upload_dir.rb"
        create_upload_dir { "$sched_home_dir/uploads":
            owner => $sched_login, 
            group => $sched_login,
        } 
    }

    class youri_submit {
        include sudo

        file { "/usr/local/bin/mdv-youri-submit":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit")
        }

        file { "/usr/local/bin/mdv-youri-submit.wrapper":
          owner  => root,
          group => root,
          mode => 755,
          content => template("buildsystem/mdv-youri-submit.wrapper")
        }

        sudo::sudoers_config { "mdv-youri-submit":
            content => template("buildsystem/sudoers.youri")
        }

        file { "/etc/youri":
            ensure => "directory",
        }

        file { "/etc/youri/submit-todo.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-todo.conf")
        }

        file { "/etc/youri/submit-upload.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/submit-upload.conf")
        }

        file { "/etc/youri/acl.conf":
            ensure => present,
            mode => 644,
            require => File["/etc/youri"],
            content => template("buildsystem/youri_acl.conf")
        }

        file { '/usr/local/bin/submit_package':
            ensure => present,
            mode => 755,
            content => template('buildsystem/submit_package')
        }
    }

    # $groups: array of secondary groups (only local groups, no ldap)
    define sshuser($homedir, $comment, $groups = []) {
        group {"$title": 
            ensure => present,
        }

        user {"$title":
            ensure => present,
            comment => $comment,
            managehome => true,
            home => $homedir,
            gid => $title,
            groups => $groups,
            shell => "/bin/bash",
            notify => Exec["unlock$title"],
            require => Group[$title],
        }

        # set password to * to unlock the account but forbid login through login
        exec { "unlock$title":
            command => "usermod -p '*' $title",
            refreshonly => true,
        }

        file { $homedir:
            ensure => "directory",
            require => User[$title],
        }

        file { "$homedir/.ssh":
            ensure => "directory",
            mode   => 600,
            owner  => $title,
            group  => $title,
            require => File[$homedir],
        }
    }

    class iurtuser {
        sshuser { $build_login:
          homedir => $build_home_dir,
          comment => "System user used to run build bots",
        }

        file { "/etc/iurt":
            ensure => "directory",
        }
    }

    class iurt {
        include sudo
        include iurtuser
        ssh::auth::client { $build_login: }
        ssh::auth::server { $sched_login: user => $build_login }

        # build node common settings
        # we could have the following skip list to use less space:
        # '/(drakx-installer-binaries|drakx-installer-advertising|gfxboot|drakx-installer-stage2|mandriva-theme)/'
        $package_list = ['task-bs-cluster-chroot', 'iurt']
        package { $package_list:
            ensure => installed;
        }

        file { "/etc/iurt/build":
            ensure => "directory",
            require => File["/etc/iurt"],
        }

        file { "/etc/iurt/build/cauldron.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.cauldron.conf")
        }

        file { "/etc/iurt/build/mandriva2010.1.conf":
            ensure => present,
            owner => $build_login,
            group => $build_login,
            mode => 644,
            require => File["/etc/iurt/build"],
            content => template("buildsystem/iurt.mandriva2010.1.conf")
        }

        sudo::sudoers_config { "iurt":
            content => template("buildsystem/sudoers.iurt")
        }
    }

    # temporary script to create home dir with ssh key
    # taking login and url as arguments
    class mgacreatehome {
        file { "/usr/local/sbin/mgacreatehome":
            ensure => present,
            owner => root,
            group => root,
            mode => 700,
            content => template("buildsystem/mgacreatehome")
        }
    }

    class check_missing_deps {
        file { "/usr/local/bin/missing-deps.sh":
            ensure => present,
            owner => root,
            group => root,
            mode => 755,
            source => "puppet:///modules/buildsystem/missing-deps.sh",
        }
    
        # FIXME hardcoded path
        cron { "check missing deps":
            command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
            minute => "*/15",
        }
    }
}
1	class buildsystem {
2
3	class base {
4	$build_login = "iurt"
5	$build_home_dir = "/home/$build_login"
6	$sched_login = "schedbot"
7	$sched_home_dir = "/var/lib/$sched_login"
8	$sign_login = "signbot"
9	$sign_home_dir = "/var/lib/$sign_login"
10	$sign_keydir = "$sign_home_dir/keys"
11	# FIXME: maybe keyid should be defined at an other place
12	$sign_keyid = "80420F66"
13	$repository_root = "/distrib/bootstrap"
14	$packagers_group = 'mga-packagers'
15	$createsrpm_path = '/usr/share/repsys/create-srpm'
16
17	include ssh::auth
18	ssh::auth::key { $build_login: # declare a key for build bot: RSA, 2048 bits
19	home => $build_home_dir,
20	}
21	ssh::auth::key { $sched_login: # declare a key for sched bot: RSA, 2048 bits
22	home => $sched_home_dir,
23	}
24	}
25
26	class mainnode inherits base {
27	include iurtuser
28
29	sshuser { $sched_login:
30	homedir => $sched_home_dir,
31	comment => "System user used to schedule builds",
32	}
33
34	ssh::auth::client { $sched_login: }
35	ssh::auth::server { $sched_login: }
36	ssh::auth::server { $build_login: }
37
38	# FIXME Add again task-bs-cluster-main when it will require mgarepo instead of repsys
39	$package_list = ['iurt']
40	package { $package_list:
41	ensure => "installed"
42	}
43
44	apache::vhost_other_app { "repository.$domain":
45	vhost_file => "buildsystem/vhost_repository.conf",
46	}
47
48	apache::vhost_other_app { "pkgsubmit.$domain":
49	vhost_file => "buildsystem/vhost_pkgsubmit.conf",
50	}
51
52	include scheduler
53	include gatherer
54	include mgarepo
55	include youri_submit
56	include check_missing_deps
57	include signbot
58	}
59
60	class buildnode inherits base {
61	include iurt
62	}
63
64	class signbot {
65	sshuser { $sign_login:
66	homedir => $sign_home_dir,
67	comment => "System user used to sign packages",
68	groups => [$sched_login],
69	}
70
71	gnupg::keys{"packages":
72	email => "packages@$domain",
73	#FIXME there should be a variable somewhere to change the name of the distribution
74	key_name => 'Mageia Packages',
75	login => $sign_login,
76	batchdir => "$sign_home_dir/batches",
77	keydir => $sign_keydir,
78	}
79
80	sudo::sudoers_config { "signpackage":
81	content => template("buildsystem/sudoers.signpackage")
82	}
83
84	file { "$sign_home_dir/.rpmmacros":
85	ensure => present,
86	owner => root,
87	group => root,
88	mode => 644,
89	content => template("buildsystem/signbot-rpmmacros")
90	}
91	}
92
93	class scheduler {
94	# ulri
95	include iurtupload
96	}
97
98	class gatherer {
99	# emi
100	include iurtupload
101	}
102
103	class iurtupload {
104	file { "/etc/iurt/upload.conf":
105	ensure => present,
106	owner => $build_login,
107	group => $build_login,
108	mode => 644,
109	require => File["/etc/iurt"],
110	content => template("buildsystem/upload.conf")
111	}
112	}
113
114	class mgarepo {
115	package { 'mgarepo':
116
117	}
118
119	package { 'rpm-build':
120	}
121
122	file { "repsys.conf":
123	path => "/etc/repsys.conf",
124	owner => root,
125	group => root,
126	mode => 644,
127	content => template("buildsystem/repsys.conf")
128	}
129
130	file { "$sched_home_dir/repsys":
131	ensure => "directory",
132	owner => $sched_login,
133	require => File[$sched_home_dir],
134	}
135
136	file { "$sched_home_dir/repsys/tmp":
137	ensure => "directory",
138	owner => $sched_login,
139	group => "mga-packagers",
140	mode => 1775,
141	require => File["$sched_home_dir/repsys"],
142	}
143
144	file { "$sched_home_dir/repsys/srpms":
145	ensure => "directory",
146	owner => $sched_login,
147	group => "mga-packagers",
148	mode => 1775,
149	require => File["$sched_home_dir/repsys"],
150	}
151
152	# FIXME: disabled temporarly as upload dir is a symlink to /var/lib/repsys/uploads
153	#file { "$sched_home_dir/uploads":
154	# ensure => "directory",
155	# owner => $sched_login,
156	# require => File[$sched_home_dir],
157	#}
158
159	# too tedious to create everything by hand
160	# so I prefered to used some puppet ruby module
161	# the exact content and directory name should IMHO be consolidated somewhere
162	import "create_upload_dir.rb"
163	create_upload_dir { "$sched_home_dir/uploads":
164	owner => $sched_login,
165	group => $sched_login,
166	}
167	}
168
169	class youri_submit {
170	include sudo
171
172	file { "/usr/local/bin/mdv-youri-submit":
173	owner => root,
174	group => root,
175	mode => 755,
176	content => template("buildsystem/mdv-youri-submit")
177	}
178
179	file { "/usr/local/bin/mdv-youri-submit.wrapper":
180	owner => root,
181	group => root,
182	mode => 755,
183	content => template("buildsystem/mdv-youri-submit.wrapper")
184	}
185
186	sudo::sudoers_config { "mdv-youri-submit":
187	content => template("buildsystem/sudoers.youri")
188	}
189
190	file { "/etc/youri":
191	ensure => "directory",
192	}
193
194	file { "/etc/youri/submit-todo.conf":
195	ensure => present,
196	mode => 644,
197	require => File["/etc/youri"],
198	content => template("buildsystem/submit-todo.conf")
199	}
200
201	file { "/etc/youri/submit-upload.conf":
202	ensure => present,
203	mode => 644,
204	require => File["/etc/youri"],
205	content => template("buildsystem/submit-upload.conf")
206	}
207
208	file { "/etc/youri/acl.conf":
209	ensure => present,
210	mode => 644,
211	require => File["/etc/youri"],
212	content => template("buildsystem/youri_acl.conf")
213	}
214
215	file { '/usr/local/bin/submit_package':
216	ensure => present,
217	mode => 755,
218	content => template('buildsystem/submit_package')
219	}
220	}
221
222	# $groups: array of secondary groups (only local groups, no ldap)
223	define sshuser($homedir, $comment, $groups = []) {
224	group {"$title":
225	ensure => present,
226	}
227
228	user {"$title":
229	ensure => present,
230	comment => $comment,
231	managehome => true,
232	home => $homedir,
233	gid => $title,
234	groups => $groups,
235	shell => "/bin/bash",
236	notify => Exec["unlock$title"],
237	require => Group[$title],
238	}
239
240	# set password to * to unlock the account but forbid login through login
241	exec { "unlock$title":
242	command => "usermod -p '*' $title",
243	refreshonly => true,
244	}
245
246	file { $homedir:
247	ensure => "directory",
248	require => User[$title],
249	}
250
251	file { "$homedir/.ssh":
252	ensure => "directory",
253	mode => 600,
254	owner => $title,
255	group => $title,
256	require => File[$homedir],
257	}
258	}
259
260	class iurtuser {
261	sshuser { $build_login:
262	homedir => $build_home_dir,
263	comment => "System user used to run build bots",
264	}
265
266	file { "/etc/iurt":
267	ensure => "directory",
268	}
269	}
270
271	class iurt {
272	include sudo
273	include iurtuser
274	ssh::auth::client { $build_login: }
275	ssh::auth::server { $sched_login: user => $build_login }
276
277	# build node common settings
278	# we could have the following skip list to use less space:
279	# '/(drakx-installer-binaries\|drakx-installer-advertising\|gfxboot\|drakx-installer-stage2\|mandriva-theme)/'
280	$package_list = ['task-bs-cluster-chroot', 'iurt']
281	package { $package_list:
282	ensure => installed;
283	}
284
285	file { "/etc/iurt/build":
286	ensure => "directory",
287	require => File["/etc/iurt"],
288	}
289
290	file { "/etc/iurt/build/cauldron.conf":
291	ensure => present,
292	owner => $build_login,
293	group => $build_login,
294	mode => 644,
295	require => File["/etc/iurt/build"],
296	content => template("buildsystem/iurt.cauldron.conf")
297	}
298
299	file { "/etc/iurt/build/mandriva2010.1.conf":
300	ensure => present,
301	owner => $build_login,
302	group => $build_login,
303	mode => 644,
304	require => File["/etc/iurt/build"],
305	content => template("buildsystem/iurt.mandriva2010.1.conf")
306	}
307
308	sudo::sudoers_config { "iurt":
309	content => template("buildsystem/sudoers.iurt")
310	}
311	}
312
313	# temporary script to create home dir with ssh key
314	# taking login and url as arguments
315	class mgacreatehome {
316	file { "/usr/local/sbin/mgacreatehome":
317	ensure => present,
318	owner => root,
319	group => root,
320	mode => 700,
321	content => template("buildsystem/mgacreatehome")
322	}
323	}
324
325	class check_missing_deps {
326	file { "/usr/local/bin/missing-deps.sh":
327	ensure => present,
328	owner => root,
329	group => root,
330	mode => 755,
331	source => "puppet:///modules/buildsystem/missing-deps.sh",
332	}
333
334	# FIXME hardcoded path
335	cron { "check missing deps":
336	command => "cd /var/www/bs/data && /usr/local/bin/missing-deps.sh",
337	minute => "*/15",
338	}
339	}
340	}